openssl: update to 0.9.8j. thanks puchu. - addresses CVE-2008-5077
authorAndy Boyett <agb@openwrt.org>
Mon, 19 Jan 2009 09:50:41 +0000 (09:50 +0000)
committerAndy Boyett <agb@openwrt.org>
Mon, 19 Jan 2009 09:50:41 +0000 (09:50 +0000)
SVN-Revision: 14102

package/openssl/Makefile
package/openssl/patches/100-parallel-build.patch [new file with mode: 0644]
package/openssl/patches/140-makefile-dirs.patch
package/openssl/patches/160-disable_doc_tests.patch

index 43ca3be..a2de0e0 100644 (file)
@@ -9,15 +9,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
-PKG_VERSION:=0.9.8i
-PKG_RELEASE:=3
+PKG_VERSION:=0.9.8j
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
        ftp://ftp.funet.fi/pub/crypt/cryptography/libs/openssl/source/ \
        ftp://ftp.webmonster.de/pub/openssl/source/ \
        ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
-PKG_MD5SUM:=561e00f18821c74b2b86c8c7786f9d8b
+PKG_MD5SUM:=a5cb5f6c3d11affb387ecf7a997cac0c
 
 PKG_BUILD_DEPENDS:=ocf-crypto-headers
 
@@ -70,10 +70,10 @@ endef
 OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-smime \
                                        no-rmd160 no-aes192 no-ripemd no-camellia no-ans1 no-krb5
 ifeq ($(BOARD),ixp4xx)
-OPENSSL_OPTIONS:= shared no-ec no-err no-fips no-hw no-threads zlib-dynamic \
+OPENSSL_OPTIONS:= shared no-ec no-err no-hw no-threads zlib-dynamic \
                                        no-sse2 no-perlasm --with-cryptodev
 else
-OPENSSL_OPTIONS:= shared no-ec no-err no-fips no-hw no-threads zlib-dynamic \
+OPENSSL_OPTIONS:= shared no-ec no-err no-hw no-threads zlib-dynamic \
                                        no-engines no-sse2 no-perlasm
 endif
 
diff --git a/package/openssl/patches/100-parallel-build.patch b/package/openssl/patches/100-parallel-build.patch
new file mode 100644 (file)
index 0000000..eace0f4
--- /dev/null
@@ -0,0 +1,24 @@
+diff -uNr openssl-0.9.8j.ORIG/Makefile.org openssl-0.9.8j/Makefile.org
+--- openssl-0.9.8j.ORIG/Makefile.org   2009-01-07 18:06:31.000000000 +0000
++++ openssl-0.9.8j/Makefile.org        2009-01-07 18:08:38.000000000 +0000
+@@ -333,15 +333,15 @@
+               dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_fips:
+       @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+       @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+       @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+       @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+       @dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+       @dir=tools; target=all; $(BUILD_ONE_CMD)
+ all_testapps: build_libs build_testapps
index b35c8de..d0eaec9 100644 (file)
@@ -1,13 +1,11 @@
-Index: openssl-0.9.8e/Makefile.org
-===================================================================
---- openssl-0.9.8e.orig/Makefile.org   2007-06-04 13:23:32.048861728 +0200
-+++ openssl-0.9.8e/Makefile.org        2007-06-04 13:23:32.857738760 +0200
-@@ -104,7 +104,7 @@
- ZLIB_INCLUDE=
- LIBZLIB=
+--- openssl-0.9.8j/Makefile.org        2008-12-30 14:26:26.000000000 +0100
++++ openssl-0.9.8j.patched/Makefile.org        2009-01-17 13:41:52.610868317 +0100
+@@ -131,7 +131,7 @@
  
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl apps
- SHLIBDIRS= crypto ssl
+ BASEADDR=
+-DIRS=   crypto fips ssl engines apps test tools
++DIRS=   crypto fips ssl apps
+ SHLIBDIRS= crypto ssl fips
  
  # dirs in crypto to build
index 9706a0b..07c8e57 100644 (file)
@@ -1,17 +1,16 @@
-Index: openssl-0.9.8e/Makefile
-===================================================================
---- openssl-0.9.8e.orig/Makefile       2007-06-04 13:23:31.995869784 +0200
-+++ openssl-0.9.8e/Makefile    2007-06-04 13:23:33.246679632 +0200
-@@ -106,7 +106,7 @@
- ZLIB_INCLUDE=
- LIBZLIB=
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
+diff -burN openssl-0.9.8j/Makefile openssl-0.9.8j.patched/Makefile
+--- openssl-0.9.8j/Makefile    2009-01-07 12:57:01.000000000 +0100
++++ openssl-0.9.8j.patched/Makefile    2009-01-17 14:16:50.279667198 +0100
+@@ -133,7 +133,7 @@
+ BASEADDR=0xFB00000
+-DIRS=   crypto fips ssl engines apps test tools
++DIRS=   crypto fips ssl engines apps tools
  SHLIBDIRS= crypto ssl
  
  # dirs in crypto to build
-@@ -123,7 +123,7 @@
+@@ -150,7 +150,7 @@
  
  # tests to perform.  "alltests" is a special word indicating that all tests
  # should be performed.
@@ -20,7 +19,7 @@ Index: openssl-0.9.8e/Makefile
  
  MAKEFILE= Makefile
  
-@@ -135,7 +135,7 @@
+@@ -162,7 +162,7 @@
  
  TOP=    .
  ONEDIRS=out tmp
@@ -29,16 +28,16 @@ Index: openssl-0.9.8e/Makefile
  WDIRS=  windows
  LIBS=   libcrypto.a libssl.a
  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-@@ -225,7 +225,7 @@
-       @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+@@ -321,7 +321,7 @@
+       ../crypto/uid.o
  
  sub_all: build_all
 -build_all: build_libs build_apps build_tests build_tools
 +build_all: build_libs build_apps build_tools
  
- build_libs: build_crypto build_ssl build_engines
+ build_libs: build_crypto build_fips build_ssl build_shared build_engines
  
-@@ -475,7 +475,7 @@
+@@ -610,7 +610,7 @@
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  
@@ -47,11 +46,10 @@ Index: openssl-0.9.8e/Makefile
  
  install_sw:
        @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-Index: openssl-0.9.8e/Makefile.org
-===================================================================
---- openssl-0.9.8e.orig/Makefile.org   2007-06-04 13:23:32.857738760 +0200
-+++ openssl-0.9.8e/Makefile.org        2007-06-04 13:23:33.246679632 +0200
-@@ -473,7 +473,7 @@
+diff -burN openssl-0.9.8j/Makefile.org openssl-0.9.8j.patched/Makefile.org
+--- openssl-0.9.8j/Makefile.org        2008-12-30 14:26:26.000000000 +0100
++++ openssl-0.9.8j.patched/Makefile.org        2009-01-17 14:14:18.874409981 +0100
+@@ -608,7 +608,7 @@
  dist_pem_h:
        (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)